Hdys0vn

Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

hackerone-reports

Top disclosed reports from HackerOne

pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time

BBScan

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

DidierStevensSuite

Please no pull requests for this repository. Thanks!

nanodump

The swiss army knife of LSASS dumping

MySQL_Fake_Server

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

crawlergo_x_XRAY

360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能

RouteVulScan

Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件

BountyHunterInChina

重生之我在安全行业讨口子系列，分享在安全行业讨口子过程中，SRC、项目实战的有趣案例

OneScan

OneScan是递归目录扫描的BurpSuite插件

Goby

blasting

burpsuite_hack

一款代理扫描器

PasswordDic

渗透测试常用密码字典合集(持续更新)

NTLMRecon

Enumerate information from NTLM authentication enabled web endpoints 🔎

LinuxEelvation

Linux Eelvation(持续更新)

Periscope

Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)

DirCreate2System

Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting

POSTDump

PySQLTools

Mssql利用工具

HTTP-Shell

MultiPlatform HTTP Reverse Shell

AutoSmuggle

Utility to craft HTML or SVG smuggled files for Red Team engagements

JSource-Obfuscator

Java Source Code Obfuscator（java源代码混淆器）

MSSqlPwner

EchoDrv

Exploitation of echo_driver.sys

WinRpcTest

利用RPC服务，批量探测内网Windows出网情况

Sign-Sacker

Sign-Sacker(签名掠夺者)：一款数字签名复制器，可将其他官方exe中数字签名复制到没有签名的exe中。

ICMPWatch

ICMPWatch: ICMP Packet Sniffer

pass-list

自用账户口令破解字典（自定义密码，姓名字典、常见用户名字典、密码字典、手机号字典、目录字典、后台字典、虚拟身份号字典)2023年最新整理